[
https://issues.apache.org/jira/browse/AMBER-49?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489399#comment-13489399
]
Antonio Sanso commented on AMBER-49:
------------------------------------
Thanks for your patch Stein.
It looks good . Couple of things though:
- as per [0] the authorization server code will do something like
{code}
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
OAuthTokenRequest oauthRequest = null;
OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
try {
oauthRequest = new OAuthTokenRequest(request);
{code}
in the token endpoint. Now we would have as well this
OAuthAuthenticatedTokenRequest so the code would me less generic ?
WDYT?
- another minor think is that I am not a huge fan of StringTokenizer. I know is
already used but I'd like to replace it if you ask me :)
[0]
https://cwiki.apache.org/confluence/display/AMBER/OAuth+2.0+Authorization+Server
> AuthorizationCodeValidator needs to be updated to latest spec
> -------------------------------------------------------------
>
> Key: AMBER-49
> URL: https://issues.apache.org/jira/browse/AMBER-49
> Project: Amber
> Issue Type: Bug
> Components: OAuth 2.0 - Authorization Server
> Reporter: Antonio Sanso
> Assignee: Antonio Sanso
> Attachments: Patch_for_AMBER-49.patch
>
>
> The authorization code grant type it wrongly automatically validates that the
> client ID and secret are there.
> See also [0]
> [0] http://amber.markmail.org/message/b7q5lpe2ijh7lfrv
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
